In my experience this is what it often boils down to. If access control isn't possible, it immediately and totally rules out using that service. For many companies this is how they have to operate for auditing purposes, and they have to be audited otherwise their clients can't use them, etc.
Although to be honest, out sourcing things like this is often not possible in itself. For internal passwords, everything should be linked to a single-sign-on system of some sort I think.
Although to be honest, out sourcing things like this is often not possible in itself. For internal passwords, everything should be linked to a single-sign-on system of some sort I think.